1 / 29

Introduction CS 239 Advanced Topics in Computer Security Peter Reiher September 23, 2010

Introduction CS 239 Advanced Topics in Computer Security Peter Reiher September 23, 2010. Outline. Subject of class Class topics and organization Reading material Class web page Grading Projects Office hours. Subject of Class. Problems and solutions in computer security

christopher-monroe
Download Presentation

Introduction CS 239 Advanced Topics in Computer Security Peter Reiher September 23, 2010

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IntroductionCS 239Advanced Topics in Computer Security Peter ReiherSeptember 23, 2010

  2. Outline • Subject of class • Class topics and organization • Reading material • Class web page • Grading • Projects • Office hours

  3. Subject of Class • Problems and solutions in computer security • Concentrating on unsolved problems and recent research • Covering networks, systems, other aspects of computer security • Including privacy • Intended for students with serious research interest in security

  4. Class Organization • Graduate level seminar class • Concerning topics of ongoing research in security • Based around group discussions • Not formal lectures

  5. A Typical Class • Someone (usually one of you) will spend 15-20 minutes outlining a topic • Remainder of class will be spent discussing it • Whoever presented it should lead discussion • Generally, everyone will lead a discussion at some point

  6. Topics to Be Covered • Many of the following: • Taint tracking • Distributed denial of service attacks • Privacy and social networking • TPM and related technologies • Malware for portable devices • Botnets • Security for ubiquitous computing • Security versus usability

  7. More Topics • BGP security • DNS security • Cyberwarfare and cyber-deterrence • Novel hardware attacks (e.g., cold boot, firmware attacks) • Privacy and data mining • Security education • Web security • Internet tools for privacy

  8. Yet More Topics • Measuring security • Data provenance tracking • Attack attribution • Insider threat detection • Trust • Novel access control mechanisms • Biometric authentication • Security for vehicular networks • Analyzing malware

  9. And a Few More Topics • Virtual machine approaches to security • Security for cloud computing • Preventing information leaks • Social engineering and defenses against it • Computer forensics • Not intended as an exhaustive list • Your favorite topic might be added

  10. Assigning Topics • Nineteen total classes, counting today • I’ll take the next two classes • One day for midterm • Two days for project presentations • That leaves 13 more classes • 2 students lead discussion on some topic • To be decided by the end of second class • First come, first served

  11. Reading Material • No textbook • 2-4 papers for each class • Some selected by me • Some by class leader • Papers will be made available on class web page • In some cases, web pages may be used instead of papers

  12. Class Web Page • http://www.lasr.cs.ucla.edu/classes/239_1.fall10 • Will show class schedule • And list papers for each class • With links to them • Other useful information also there

  13. Grading • 20% midterm • 40% class participation • 40% project • No final exam

  14. Midterm Exam • Essay questions based on material in first half of class • Probably three questions • Open notes • Including papers

  15. Class Participation • Covers both class you lead (15%) and participation in other classes (25%) • Not graded on brilliance • But on involvement and ability to contribute to discussion • If you can’t regularly attend this class, you won’t do well in it

  16. Leading a Class Discussion • Should focus on: • Analysis of the problem • Critiques of existing solutions • Suggested improvements to those • Or new solution approaches • Think of it as being part of a research team looking at this problem • Goal is to spark a discussion • Not to spend two hours reviewing the papers that were assigned

  17. Slides for Presentations • Not required, but a good idea • If possible, send them to me ahead of time • So I can post them on the web page • I’ll bring a projector to every class

  18. Class Projects • Half of your grade • Group projects (2-4 people) • On some topic involving network security • Must be a research topic • Not just implementing known stuff

  19. Project Proposals • Project proposals due at end of 4th week of class (October 15) • 1-page summary of what you want to do • Can be submitted as hard copy or email • Not graded, but required

  20. Project Status Reports • Due at end of 7th week of classes (November 5) • 1-3 page summaries of the progress you’ve made to that date • Hint: there should be some • Hard copy or email OK • Not graded, but required

  21. Project Presentation • Last two class days reserved for project presentations • In-class presentation of your project • Demo, if feasible • Graded as part of project itself

  22. Project Demonstration • If not feasible to demo in class, arrange a separate demo with me • Projects should (usually) produce something demonstrable • Important that demo shows off something interesting about project • Graded as part of project

  23. Project Reports • Written reports on project • Due Monday of finals week (December 10) • 15 pages is typical length • Should: • Describe problem and approach • Cover difficulties and interesting points • Describe implementation • Show that you’ve learned something from it!

  24. What Makes a Good Project? • Probably requires coding • Hardware OK, if you can do it • Theoretical work acceptable, but you’ll need real results • Probably requires testing and/or measurement • Should be research • Original work no one else has already done • Based on a promising idea • Ideally, this should be capable of being converted to a publishable research paper

  25. Office Hours • MW 2-3 • In 3532F Boelter Hall • I’m around a lot, so other times can be arranged by appointment

  26. Prerequisites • Should have taken an operating system and a networking class • Should have taken my CS 136 on Computer Security • Or similar class elsewhere • I’m not going to check on this • But I’ll assume you know this material • I won’t be presenting reviews of this material

  27. Kinds of Security Things You Should Know About • IPsec and SSL • Key exchange protocols, certificates, certification hierarchies • Common attack classes (e.g., man in the middle, replay, buffer overflows) • Basics of security threats and mechanisms • Use of cryptography for authentication, privacy, and other purposes • Basics of firewalls and virus protection systems • Basics of viruses and worms

  28. Kinds of Operating System Things You Should Know • Operating system structure and organization • Memory management • File system architecture • Booting and hardware interactions • Virtual machine technology • Process management and scheduling

  29. Kinds of Networking Things You Should Know About • TCP/IP • Routing protocols • How DNS works • Basics of wireless networks • Basic design and architecture of the Internet • Basics of application-layer protocols (e.g., HTTP)

More Related